dcsimg

We found yet another phone with pre-installed malware via the Lifeline Assistance program

We have discovered, yet again, another phone model with pre-installed malware provided from the Lifeline Assistance program via Assurance Wireless by Virgin Mobile.  This time, an ANS (American Network Solutions) UL40 running Android OS 7.1.1.   After our writing back in January—”United States government-funded phones come pre-installed with unremovable malware“—we heard … [Read more...]

Android Trojan xHelper uses persistent re-infection tactics: here’s how to remove

We first stumbled upon the nasty Android Trojan xHelper, a stealthy malware dropper, in May 2019. By mid-summer 2019, xHelper was topping our detection charts—so we wrote an article about it. After the blog, we thought the case was closed on xHelper. Then a tech savvy user reached out to us in early January 2020 on the Malwarebytes support forum: “I have a phone that is infected with the … [Read more...]

United States government-funded phones come pre-installed with unremovable malware

A United States–funded mobile carrier that offers phones via the Lifeline Assistance program is selling a mobile device pre-installed with not one, but two malicious applications. Assurance Wireless by Virgin Mobile offers the UMX U686CL phone as their most budget conscious option. At only $35 under the government-funded program, it’s an attractive offering. However, what it comes installed with … [Read more...]

Stealthy new Android malware poses as ad blocker, serves up ads instead

Since its discovery less than a month ago, a new Trojan malware for Android we detect as Android/Trojan.FakeAdsBlock has already been seen on over 500 devices, and it’s on the rise. This nasty piece of mobile malware cleverly hides itself on Android devices while serving up a host of advertisements: full-page ads, ads delivered when opening the default browser, ads in the notifications, and even … [Read more...]

Mobile Menace Monday: Android Trojan raises xHelper

Back in May, we classified what we believed was just another generic Android/Trojan.Dropper, and moved on. We didn’t give this particular mobile malware much thought until months later, when we started noticing it had climbed onto our top 10 list of most detected mobile malware. Henceforth, we feel a piece of mobile malware with such a high number of detections prompts a proper name and … [Read more...]

Mobile stalkerware: a long history of detection

Recently, we have received an alarming question from many Malwarebytes users, asking, “Do you detect stalkerware?” The answer is an overwhelming, “Absolutely, and for good reason!” Moreover, we have been doing so for a long time, and are expanding our efforts in the months to come. Going back more than five years, Malwarebytes researchers have detected applications and software that monitor … [Read more...]

Fake Instagram assistance apps found on Google Play are stealing passwords

We all want those Instagram likes and followers. Many apps on Google Play claim they can assist you with that effort. But what if the app that’s supposed to be helping you is also stealing your username and password?  As a matter of fact, that’s exactly what we found in three fake Instagram assistance apps still available on Google Play at the time of this writing. Moreover, these fake … [Read more...]

Mobile Menace Monday: top five scariest mobile threats

In the spirit of this upcoming Halloween season, we thought we’d provide you with a list of the top five scariest mobile threats in our book. The list is organized from least to most haunting, based on my own humble opinion gathered from several years as a mobile threat researcher. Of course, my opinion has also been formed by the data we’ve collected within the last few months that … [Read more...]

Mobile Menace Monday: SMS phishing attacks target the job market

Recently, a co-worker received an enticing SMS message from ASPXPPZUPS Human Resources. It read: Tired of your old job? Join our team today, work from home and earn $6,200 per month: hire-me-zvcbrvpffy.<hidden>.com.   Could it be that our dream job awaits via random text message? On the contrary, this SMS phishing attack could cause nightmares for unsuspecting job hunters. Don’t quit your … [Read more...]

Mobile Menace Monday: FakeGift is the gift that keeps on frustrating

Last spring, we found yet another piece of riskware on Google Play we call Android/PUP.Riskware.FakeGift. Based on Hindi characters found in the code, we can assume it originates from India. With over 50,000 installs before being removed from Google Play, FakeGift apparently kept on giving—frustration to its users, that is. Click to view slideshow. Gift cash money As the name implies, FakeGift … [Read more...]